Thread: Site Security

  1. #1
    SitePoint Wizard
    Join Date
    Apr 2004
    Location
    dublin
    Posts
    2,036

    Site Security

    Hi all,

    My client does not want to use an external web hosting company. They are worried about security.

    How can I ensure a highly secure LAMP website?

    Thanks,

    Kevin.

  2. #2
    SitePoint Addict
    Join Date
    Apr 2004
    Location
    Regina, SK
    Posts
    318
    What particular aspect of security are you worried about? Generally, follow good coding practices, check user input, use error handlers to report suspicious activity. Place any secure information (passwords) outside of web accessible directories.
    Reduce or eliminate spam on your sites without CAPTCHAs
    - maybe it is possible: http://formantispam.thekerrs.ca/

  3. #3
    SitePoint Enthusiast Refresh's Avatar
    Join Date
    Jul 2004
    Location
    Lausanne, Switzerland
    Posts
    46
    Also, do not store passwords, but password hashes. Users won't be able to have their password sent to them, but they can generate another one as needed. At least, if your db is compromised your customers' passwords won't be (many reuse the same username/pass combination on other websites).
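
    The hash-only storage and "generate another one" reset flow described in the post above, as an added example that is not part of the original thread. The in-memory `$users` array, the function names and the one-hour token lifetime are assumptions standing in for the site's real MySQL table and policy.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for the users table (assumption, not from the thread).
$users = [];

function setPassword(array &$users, string $name, string $password): void {
    // Only the salted, deliberately slow hash is stored; the plaintext is never persisted.
    $users[$name] = [
        'hash'          => password_hash($password, PASSWORD_DEFAULT),
        'reset_hash'    => null, // any outstanding reset token is invalidated
        'reset_expires' => 0,
    ];
}

function login(array &$users, string $name, string $password): bool {
    if (!isset($users[$name]) || !password_verify($password, $users[$name]['hash'])) {
        return false;
    }
    // Upgrade the stored hash transparently when PHP's default algorithm or cost changes.
    if (password_needs_rehash($users[$name]['hash'], PASSWORD_DEFAULT)) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

function startReset(array &$users, string $name): ?string {
    if (!isset($users[$name])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // sent to the user's registered e-mail address
    // Store only a hash of the token, so a leaked database cannot be used to reset accounts.
    $users[$name]['reset_hash']    = hash('sha256', $token);
    $users[$name]['reset_expires'] = time() + 3600;
    return $token;
}

function finishReset(array &$users, string $name, string $token, string $newPassword): bool {
    $u = $users[$name] ?? null;
    if ($u === null || $u['reset_hash'] === null || time() > $u['reset_expires']) {
        return false;
    }
    // Constant-time comparison of the presented token against the stored hash.
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    setPassword($users, $name, $newPassword); // single use: the token is cleared here
    return true;
}
```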

  4. #4
    get into it! bigduke's Avatar
    Join Date
    May 2004
    Location
    Australia
    Posts
    847
    1. Ensure webserver security
    2. Ensure db security
    3. Ensure PHP security
    4. Ensure OS security

    there's tonnes to be read on this. it

  5. #5
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    I would avoid storing sensitive information altogether (credit card numbers, identification numbers, etc.). I am not sure if your client needs that info, but if they do I would implore them not to keep it on the server.

    Do some reading on IP Tables in Linux. It is a simple way to create your own little firewall and keep unauthorized traffic at bay.

    Also, look into some logging software, or write your own so that you can monitor the system activity and if something does happen you will be able to take action immediately instead of trying to put the pieces together.

